George Kadianakis,Theodoros Polyzos,Mike Perry,Kostas Chatzikokolakis

DOI: https://doi.org/10.48550/arXiv.2103.03831

2022-01-12

Abstract:Online anonymity and privacy has been based on confusing the adversary by creating indistinguishable network elements. Tor is the largest and most widely deployed anonymity system, designed against realistic modern adversaries. Recently, researchers have managed to fingerprint Tor's circuits -- and hence the type of underlying traffic -- simply by capturing and analyzing traffic traces. In this work, we study the circuit fingerprinting problem, isolating it from website fingerprinting, and revisit previous findings in this model, showing that accurate attacks are possible even when the application-layer traffic is identical. We then proceed to incrementally create defenses against circuit fingerprinting, using a generic adaptive padding framework for Tor based on WTF-PAD. We present a simple defense which delays a fraction of the traffic, as well as a more advanced one which can effectively hide onion service circuits with zero delays. We thoroughly evaluate both defenses, both analytically and experimentally, discovering new subtle fingerprints, but also showing the effectiveness of our defenses.

Cryptography and Security

Luo Tao,Wang LiangMin,Yin ShangNan,Shentu Hao,Zhao Hui

DOI: https://doi.org/10.1186/s13677-021-00244-8

2021-01-01

Journal of Cloud Computing

Abstract:Edge computing has developed rapidly in recent years due to its advantages of low bandwidth overhead and low delay, but it also brings challenges in data security and privacy. Website fingerprinting (WF) is a passive traffic analysis attack that threatens website privacy which poses a great threat to user’s privacy and web security. It collects network packets generated while a user accesses website, and then uses a series of techniques to discover patterns of network packets to infer the type of website user accesses. Many anonymous networks such as Tor can meet the need of hide identity from users in network activities, but they are also threatened by WF attacks. In this paper, we propose a website fingerprinting obfuscation method against intelligent fingerprinting attacks, called Random Bidirectional Padding (RBP). It is a novel website fingerprinting defense technology based on time sampling and random bidirectional packets padding, which can covert the real packets distribution to destroy the Inter-Arrival Time (IAT) features in the traffic sequence and increase the difference between the datasets with random bidirectional virtual packets padding. We evaluate the defense against state-of-the-art website fingerprinting attacks in real scenarios, and show its effectiveness.

Xiang Cai,Rishab Nithyanand,Rob Johnson

DOI: https://doi.org/10.48550/arXiv.1401.6022

2014-01-23

Abstract:Website fingerprinting attacks enable an adversary to infer which website a victim is visiting, even if the victim uses an encrypting proxy, such as Tor. Previous work has shown that all proposed defenses against website fingerprinting attacks are ineffective. This paper advances the study of website fingerprinting attacks and defenses in two ways. First, we develop bounds on the trade-off between security and bandwidth overhead that any fingerprinting defense scheme can achieve. This enables us to compare schemes with different security/overhead trade-offs by comparing how close they are to the lower bound. We then refine, implement, and evaluate the Congestion Sensitive BuFLO scheme outlined by Cai, et al. CS-BuFLO, which is based on the provably-secure BuFLO defense proposed by Dyer, et al., was not fully-specified by Cai, et al, but has nonetheless attracted the attention of the Tor developers. Our experiments find that CS-BuFLO has high overhead (around 2.3-2.8x) but can get 6x closer to the bandwidth/security trade-off lower bound than Tor or plain SSH.

Cryptography and Security

Xi Xiao,Xiang Zhou,Zhenyu Yang,Le Yu,Bin Zhang,Qixu Liu,Xiapu Luo

DOI: https://doi.org/10.1016/j.cose.2023.103577

IF: 5.105

2024-01-01

Computers & Security

Abstract:Website fingerprinting (WF) enables eavesdroppers to identify the website a user is visiting by network surveillance, even if the traffic is protected by anonymous communication technologies such as Tor. To avoid this, several defense schemes have been proposed to protect users from the hazard of website fingerprinting attacks. However, some defenses are defeated by new attacks soon since they can not provide provable security guarantees; some defenses can not be deployed in practice since they incur high bandwidth overhead and latency overhead. In this paper, we survey existing WF defense schemes and make a comprehensive analysis. First, we divide WF defenses into four categories and introduce their principles and characteristics separately. Then, we point out some unreasonable settings in previous works and use a new experimental setting to evaluate WF defenses on a public dataset. We find many WF defenses are not as effective as they claim to be. Besides, we investigate the deployment of WF defenses and discuss some potential problems. Finally, we make some suggestions for researchers to design a feasible WF defense and make suggestions for users to protect their privacy.

Ethan Witwer,James Holland,Nicholas Hopper

DOI: https://doi.org/10.48550/arXiv.2208.02917

2022-08-05

Abstract:Website fingerprinting is an attack that uses size and timing characteristics of encrypted downloads to identify targeted websites. Since this can defeat the privacy goals of anonymity networks such as Tor, many algorithms to defend against this attack in Tor have been proposed in the literature. These algorithms typically consist of some combination of the injection of dummy "padding" packets with the delay of actual packets to disrupt timing patterns. For usability reasons, Tor is intended to provide low latency; as such, many authors focus on padding-only defenses in the belief that they are "zero-delay." We demonstrate through Shadow simulations that by increasing queue lengths, padding-only defenses add delay when deployed network-wide, so they should not be considered "zero-delay." We further argue that future defenses should also be evaluated using network-wide deployment simulations

Cryptography and Security

I. Goldberg,Tao Wang

Abstract:Website fingerprinting is a traffic analysis attack that allows an eavesdropper to determine the web activity of a client, even if the client is using privacy technologies such as proxies, VPNs, or Tor. Effective defenses against website fingerprinting hamper user experience due to their large bandwidth overhead and time overhead, requiring more than a half minute to load a page on average. In this work we propose a new defense against website fingerprinting, Walkie-Talkie, with a small overhead that can confuse even a perfectly classifying attacker. Walkie-Talkie modifies the browser to communicate in half-duplex mode rather than the usual full-duplex mode, thus restricting the feature set available to the attacker. We then add random padding to further confuse the attacker. With Walkie-Talkie, at a bandwidth overhead of 32% and time overhead of 9%, the perfect attacker’s false positive rate exceeds 5%; at a bandwidth overhead of 55%, the perfect attacker’s false positive rate exceeds 10%. Our defense therefore allows webbrowsing clients to defend their privacy against website fingerprinting both effectively and efficiently.

Computer Science

Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1145/3536423

2022-01-01

ACM Transactions on Sensor Networks

Abstract:The broadcast nature of wireless media makes WLANs easily attacked by rogue Access Points (APs) . Rogue AP attacks can potentially cause severe privacy leakage and financial loss. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP but also depend on the client, significantly limiting their application scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint . These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model, and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication in typical indoor environments. We have also proposed a threshold-improved authentication scheme to improve the robustness of our system in dynamic environments. Our schemes can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 18 million WiFi packets. Results show that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate. Moreover, the threshold-improved authentication scheme can further reduce the false alarm rate by 13.0%-44.8% for dynamic environments.

James K Holland,Jason Carpenter,Se Eun Oh,Nicholas Hopper

2023-09-23

Abstract:While anonymity networks like Tor aim to protect the privacy of their users, they are vulnerable to traffic analysis attacks such as Website Fingerprinting (WF) and Flow Correlation (FC). Recent implementations of WF and FC attacks, such as Tik-Tok and DeepCoFFEA, have shown that the attacks can be effectively carried out, threatening user privacy. Consequently, there is a need for effective traffic analysis defense. There are a variety of existing defenses, but most are either ineffective, incur high latency and bandwidth overhead, or require additional infrastructure. As a result, we aim to design a traffic analysis defense that is efficient and highly resistant to both WF and FC attacks. We propose DeTorrent, which uses competing neural networks to generate and evaluate traffic analysis defenses that insert 'dummy' traffic into real traffic flows. DeTorrent operates with moderate overhead and without delaying traffic. In a closed-world WF setting, it reduces an attacker's accuracy by 61.5%, a reduction 10.5% better than the next-best padding-only defense. Against the state-of-the-art FC attacker, DeTorrent reduces the true positive rate for a $10^{-5}$ false positive rate to about .12, which is less than half that of the next-best defense. We also demonstrate DeTorrent's practicality by deploying it alongside the Tor network and find that it maintains its performance when applied to live traffic.

Cryptography and Security

Shui Yu,Guofeng Zhao,Wanchun Dou,Simon James

DOI: https://doi.org/10.1109/tifs.2012.2197392

IF: 7.231

2012-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Anonymous communication has become a hot research topic in order to meet the increasing demand for web privacy protection. However, there are few such systems which can provide high level anonymity for web browsing. The reason is the current dominant dummy packet padding method for anonymization against traffic analysis attacks. This method inherits huge delay and bandwidth waste, which inhibits its use for web browsing. In this paper, we propose a predicted packet padding strategy to replace the dummy packet padding method for anonymous web browsing systems. The proposed strategy mitigates delay and bandwidth waste significantly on average. We formulated the traffic analysis attack and defense problem, and defined a metric, cost coefficient of anonymization (CCA), to measure the performance of anonymization. We thoroughly analyzed the problem with the characteristics of web browsing and concluded that the proposed strategy is better than the current dummy packet padding strategy in theory. We have conducted extensive experiments on two real world data sets, and the results confirmed the advantage of the proposed method.

Guodong Huang,Chuan Ma,Ming Ding,Yuwen Qian,Chunpeng Ge,Liming Fang,Zhe Liu

DOI: https://doi.org/10.48550/arXiv.2302.13763

2023-02-27

Abstract:Website fingerprinting attack is an extensively studied technique used in a web browser to analyze traffic patterns and thus infer confidential information about users. Several website fingerprinting attacks based on machine learning and deep learning tend to use the most typical features to achieve a satisfactory performance of attacking rate. However, these attacks suffer from several practical implementation factors, such as a skillfully pre-processing step or a clean dataset. To defend against such attacks, random packet defense (RPD) with a high cost of excessive network overhead is usually applied. In this work, we first propose a practical filter-assisted attack against RPD, which can filter out the injected noises using the statistical characteristics of TCP/IP traffic. Then, we propose a list-assisted defensive mechanism to defend the proposed attack method. To achieve a configurable trade-off between the defense and the network overhead, we further improve the list-based defense by a traffic splitting mechanism, which can combat the mentioned attacks as well as save a considerable amount of network overhead. In the experiments, we collect real-life traffic patterns using three mainstream browsers, i.e., Microsoft Edge, Google Chrome, and Mozilla Firefox, and extensive results conducted on the closed and open-world datasets show the effectiveness of the proposed algorithms in terms of defense accuracy and network efficiency.

Cryptography and Security,Machine Learning

Meng Shen,Kexin Ji,Jinhe Wu,Qi Li,Xiangdong Kong,Ke Xu,Liehuang Zhu

DOI: https://doi.org/10.1109/sp54263.2024.00247

2024-01-01

Abstract:Website Fingerprinting (WF) attacks significantly threaten user privacy in anonymity networks such as Tor. While numerous defenses have been proposed, they are unable to efficiently defend against recent deep learning based WF attacks. In this paper, we propose Palette, a novel and practical WF defense that utilizes traffic cluster anonymization to protect live Tor traffic. By clustering websites with high similarity in traffic patterns and regulating them into a well-designed uniform pattern for a cluster (i.e., a group of similar websites), Palette prevents attackers from distinguishing between these similar websites within the cluster and further provides a strong anonymity guarantee. Comprehensive evaluations with public real-world datasets show that Palette is superior to the existing defenses, greatly reducing the accuracy of the state-of-the-art (SOTA) WF attacks with acceptable overheads. Furthermore, we implement Palette as a Pluggable Transport in the Tor network. The experiment results demonstrate that, on average, Palette effectively reduces the accuracy of the SOTA WF attacks by 73.60%, which improves the existing defenses by 33.50%-43.47%.

Boyu Sun,Wenyuan Yang,Mengqi Yan,Yuesheng Zhu,Zhiqiang Bai

DOI: https://doi.org/10.1109/icccs55155.2022.9846237

2022-01-01

Abstract:Website Fingerprinting (WF) can be used by network eavesdroppers to infer information about the content of encrypted and anonymous connections. Several defenses leverage adversarial examples to mitigate the threat of WF attacks, but they require to get entire traffic traces after network sessions have concluded to produce adversarial examples, thus offer users little protection in practical settings. In this paper, a novel practical WF defense method called WF-UAP is proposed by crafting Universal Adversarial Perturbations (UAP) to fight back against WF attacks, in which adversarial examples are produced to fool the classifiers used in WF attacks when UAPs are added to any network traffic trace in the target domain. We further present a Generative Adversarial Network (GAN) based UAP generation approach to enhance the performance of UAPs. It can efficiently generate UAPs once the generator is trained and make the adversarial traces and original traffic traces are more difficult to distinguish. Our experimental results over a public dataset demonstrate that WF-UAP reduces the accuracy of the state-of-the-art WF attacks from 98% to 15% with at most 20% increased bandwidth overhead, which outperforms the previous defenses in terms of the defense performance and overhead.

Anatoly Shusterman,Zohar Avraham,Eliezer Croitoru,Yarden Haskal,Lachlan Kang,Dvir Levi,Yosef Meltser,Prateek Mittal,Yossi Oren,Yuval Yarom

DOI: https://doi.org/10.1109/tdsc.2020.2988369

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Website fingerprinting attacks use statistical analysis on network traffic to compromise user privacy. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who observes traffic traveling between the user's computer and the network. In this article we investigate a different attack model, in which the adversary sends JavaScript code to the target user's computer. This code mounts a cache side-channel attack to identify other websites being browsed. Using machine learning techniques to classify traces of cache activity, we achieve high classification accuracy in both the open-world and the closed-world models. Our attack is more resistant than network-based fingerprinting to the effects of response caching, and resilient both to network-based defenses and to side-channel countermeasures. We carry out a real-world evaluation of several aspects of our attack, exploring the impact of the changes in websites and browsers over time, as well as of the attacker's ability to guess the software and hardware configuration of the target user's computer. To protect against cache-based website fingerprinting, new defense mechanisms must be introduced to privacy-sensitive browsers and websites. We investigate one such mechanism, and show that it reduces the effectiveness of the attack and completely eliminates it when used in the Tor Browser.

computer science, information systems, software engineering, hardware & architecture

Payap Sirinam,Mohsen Imani,Marc Juarez,Matthew Wright

DOI: https://doi.org/10.48550/arXiv.1801.02265

2018-08-20

Abstract:Website fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting attacks have been shown to be effective even against Tor. Recently, lightweight website fingerprinting defenses for Tor have been proposed that substantially degrade existing attacks: WTF-PAD and Walkie-Talkie. In this work, we present Deep Fingerprinting (DF), a new website fingerprinting attack against Tor that leverages a type of deep learning called Convolutional Neural Networks (CNN) with a sophisticated architecture design, and we evaluate this attack against WTF-PAD and Walkie-Talkie. The DF attack attains over 98% accuracy on Tor traffic without defenses, better than all prior attacks, and it is also the only attack that is effective against WTF-PAD with over 90% accuracy. Walkie-Talkie remains effective, holding the attack to just 49.7% accuracy. In the more realistic open-world setting, our attack remains effective, with 0.99 precision and 0.94 recall on undefended traffic. Against traffic defended with WTF-PAD in this setting, the attack still can get 0.96 precision and 0.68 recall. These findings highlight the need for effective defenses that protect against this new attack and that could be deployed in Tor.

Cryptography and Security

Shawn Shan,Arjun Nitin Bhagoji,Haitao Zheng,Ben Y. Zhao

DOI: https://doi.org/10.48550/arXiv.2102.04291

2021-02-08

Abstract:Anonymity systems like Tor are vulnerable to Website Fingerprinting (WF) attacks, where a local passive eavesdropper infers the victim's activity. Current WF attacks based on deep learning classifiers have successfully overcome numerous proposed defenses. While recent defenses leveraging adversarial examples offer promise, these adversarial examples can only be computed after the network session has concluded, thus offer users little protection in practical settings. We propose Dolos, a system that modifies user network traffic in real time to successfully evade WF attacks. Dolos injects dummy packets into traffic traces by computing input-agnostic adversarial patches that disrupt deep learning classifiers used in WF attacks. Patches are then applied to alter and protect user traffic in real time. Importantly, these patches are parameterized by a user-side secret, ensuring that attackers cannot use adversarial training to defeat Dolos. We experimentally demonstrate that Dolos provides 94+% protection against state-of-the-art WF attacks under a variety of settings. Against prior defenses, Dolos outperforms in terms of higher protection performance and lower information leakage and bandwidth overhead. Finally, we show that Dolos is robust against a variety of adaptive countermeasures to detect or disrupt the defense.

Cryptography and Security

Anatoly Shusterman,Lachlan Kang,Yarden Haskal,Yosef Meltser,Prateek Mittal,Yossi Oren,Yuval Yarom

DOI: https://doi.org/10.48550/arXiv.1811.07153

2019-02-21

Abstract:Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who can observe all traffic traveling between the user's computer and the Tor network. In this work we investigate these attacks under a different attack model, in which the adversary is capable of running a small amount of unprivileged code on the target user's computer. Under this model, the attacker can mount cache side-channel attacks, which exploit the effects of contention on the CPU's cache, to identify the website being browsed. In an important special case of this attack model, a JavaScript attack is launched when the target user visits a website controlled by the attacker. The effectiveness of this attack scenario has never been systematically analyzed, especially in the open-world model which assumes that the user is visiting a mix of both sensitive and non-sensitive sites. In this work we show that cache website fingerprinting attacks in JavaScript are highly feasible, even when they are run from highly restrictive environments, such as the Tor Browser. Specifically, we use machine learning techniques to classify traces of cache activity. Unlike prior works, which try to identify cache conflicts, our work measures the overall occupancy of the last-level cache. We show that our approach achieves high classification accuracy in both the open-world and the closed-world models. We further show that our techniques are resilient both to network-based defenses and to side-channel countermeasures introduced to modern browsers as a response to the Spectre attack.

Cryptography and Security,Machine Learning

Wen Ming Liu,Lingyu Wang,Kui Ren,Pengsu Cheng,Mourad Debbabi

DOI: https://doi.org/10.1007/978-3-642-31680-7_5

2012-01-01

Abstract:While web-based applications are becoming increasingly ubiquitous, they also present new security and privacy challenges. In particular, recent research revealed that many high profile Web applications might cause private user information to leak from encrypted traffic due to side-channel attacks exploiting packet sizes and timing. Moreover, existing solutions, such as random padding and packet-size rounding, are shown to incur prohibitive cost while still not ensuring sufficient privacy protection. In this paper, we propose a novel k-indistinguishable traffic padding technique to achieve the optimal tradeoff between privacy protection and communication and computational cost. Specifically, we first present a formal model of the privacy-preserving traffic padding (PPTP). We then formulate PPTP problems under different application scenarios, analyze their complexity, and design efficient heuristic algorithms. Finally, we confirm the effectiveness and efficiency of our algorithms by comparing them to existing solutions through experiments using real-world Web applications.

Shuai Li,Huajun Guo,Nicholas Hopper

DOI: https://doi.org/10.48550/arXiv.1710.06080

2019-06-05

Abstract:Tor provides low-latency anonymous and uncensored network access against a local or network adversary. Due to the design choice to minimize traffic overhead (and increase the pool of potential users) Tor allows some information about the client's connections to leak. Attacks using (features extracted from) this information to infer the website a user visits are called Website Fingerprinting (WF) attacks. We develop a methodology and tools to measure the amount of leaked information about a website. We apply this tool to a comprehensive set of features extracted from a large set of websites and WF defense mechanisms, allowing us to make more fine-grained observations about WF attacks and defenses.

Cryptography and Security

James K Holland,Nicholas Hopper

DOI: https://doi.org/10.48550/arXiv.2012.06609

2021-09-22

Abstract:Website Fingerprinting (WF) attacks are used by local passive attackers to determine the destination of encrypted internet traffic by comparing the sequences of packets sent to and received by the user to a previously recorded data set. As a result, WF attacks are of particular concern to privacy-enhancing technologies such as Tor. In response, a variety of WF defenses have been developed, though they tend to incur high bandwidth and latency overhead or require additional infrastructure, thus making them difficult to implement in practice. Some lighter-weight defenses have been presented as well; still, they attain only moderate effectiveness against recently published WF attacks. In this paper, we aim to present a realistic and novel defense, RegulaTor, which takes advantage of common patterns in web browsing traffic to reduce both defense overhead and the accuracy of current WF attacks. In the closed-world setting, RegulaTor reduces the accuracy of the state-of-the-art attack, Tik-Tok, against comparable defenses from 66% to 25.4%. To achieve this performance, it requires limited added latency and a bandwidth overhead 39.3% less than the leading moderate-overhead defense. In the open-world setting, RegulaTor limits a precision-tuned Tik-Tok attack to an F-score of .135, compared to .625 for the best comparable defense.

Cryptography and Security

Litao Qiao,Bang Wu,Shuijun Yin,Heng Li,Wei Yuan,Xiapu Luo

DOI: https://doi.org/10.1109/tifs.2023.3304528

IF: 7.231

2023-09-06

IEEE Transactions on Information Forensics and Security

Abstract:Deep neural network (DNN) based website fingerprinting (WF) attacks pose a severe threat to the privacy of Tor users. To overcome this challenge, adversarial perturbation based WF defenses have been recently proposed to fool the classifiers of attackers, through purposefully perturbing the user's traffic traces. Unfortunately, these defenses significantly deteriorate once the WF attacks are enhanced with adversarial training (AT). AT endows the WF attacks with more powerful website recognition capability, through learning the perturbed traffic traces generated by attackers. To resist the WF attacks enhanced by AT, we develop a black-box WF defense, called Acup3. First, Acup3 leverages many-to- one website imitation to make the traffic traces associated with different websites look more like each other, increasing the difficulty of website classification. Second, Acup3 generates trace-agnostic perturbations without accessing traffic traces, making it suitable for practical deployment. Third, Acup3 employs perturbation variation to diversify the traffic traces of different users visiting the same website, making the knowledge learnt from AT less helpful for WF attacks. Therefore, Acup3 is more robust against AT. Experiments demonstrate Acup3 markedly surpasses four representative WF defenses (e.g., Mockingbird and AWA) in defense capability and bandwidth overhead. Facing the state-of-the-art (SOTA) attack Var-CNN enhanced with AT, Acup3 depresses its attack success rate (ASR) from 98% to 24.29% with only 13.95% bandwidth overhead. Compared to the SOTA defense AWA, Acup3 causes a 24.5% larger decrement in ASR of WF attacks, and achieves a more than 100 times faster speed of perturbation generation.

computer science, theory & methods,engineering, electrical & electronic